[{"data":1,"prerenderedAt":704},["ShallowReactive",2],{"/en-us/blog/top-5-compliance-features-to-leverage-in-gitlab/":3,"navigation-en-us":33,"banner-en-us":450,"footer-en-us":465,"Madeline Lake":676,"next-steps-en-us":689},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"seo":8,"content":16,"config":23,"_id":26,"_type":27,"title":28,"_source":29,"_file":30,"_stem":31,"_extension":32},"/en-us/blog/top-5-compliance-features-to-leverage-in-gitlab","blog",false,"",{"title":9,"description":10,"ogTitle":9,"ogDescription":10,"noIndex":6,"ogImage":11,"ogUrl":12,"ogSiteName":13,"ogType":14,"canonicalUrls":12,"schema":15},"Top 5 compliance features to leverage in GitLab","Highlighting features we use daily, our security team outlines 5 ways to configure your GitLab instance for increased security and compliance.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749679391/Blog/Hero%20Images/pexels-5strike.jpg","https://about.gitlab.com/blog/top-5-compliance-features-to-leverage-in-gitlab","https://about.gitlab.com","article","\n                        {\n        \"@context\": \"https://schema.org\",\n        \"@type\": \"Article\",\n        \"headline\": \"Top 5 compliance features to leverage in GitLab\",\n        \"author\": [{\"@type\":\"Person\",\"name\":\"Madeline Lake\"}],\n        \"datePublished\": \"2022-07-13\",\n      }",{"title":9,"description":10,"authors":17,"heroImage":11,"date":19,"body":20,"category":21,"tags":22},[18],"Madeline Lake","2022-07-13","\n\nGitLab's [compliance management capabilities](https://docs.gitlab.com/ee/administration/compliance.html) are designed to integrate compliance into development and deployment processes from the start. 
As a tenured compliance professional and member of our [Security Compliance team here at GitLab](https://handbook.gitlab.com/handbook/security/security-assurance/security-compliance/), I can tell you from experience it is always easier to design your processes to be secure and compliant from the start than it is to re-engineer existing processes to be compliant.\n\n**Why should you care about your GitLab instance being secure and compliant?**\nIn addition to reducing the risk of a breach and lowering costs, there are regulatory and compliance requirements to consider.\nTypically, regulatory and compliance audits are unavoidable and can be time-consuming and stressful. However, GitLab has many easy-to-use, built-in features that may help fulfill your organization's compliance requirements and make your environment more secure. Here at GitLab, these are features we use every day. The best part is, most of the features I'll outline below are included as [free features](/pricing/feature-comparison/).\n\n_Note: I'll add an asterisk (*) next to any feature which is not available on our free tier._\n\n**Here's the tl;dr list:**\n- [Enable Multi-Factor Authentication (MFA)](/blog/top-5-compliance-features-to-leverage-in-gitlab/#1-enable-mfa)\n- [Review privileged access for critical projects](/blog/top-5-compliance-features-to-leverage-in-gitlab/#2-review-privileged-access-for-critical-projects)\n- [Turn on protected branches](/blog/top-5-compliance-features-to-leverage-in-gitlab/#3-turn-on-protected-branches)\n- [Activate merge request approval settings](/blog/top-5-compliance-features-to-leverage-in-gitlab/#4-activate-merge-request-approval-settings-)\n- [Configure audit events](/blog/top-5-compliance-features-to-leverage-in-gitlab/#5-configure-audit-events-)\n\n\n## 1. Enable MFA\n\nEnabling MFA is simple and reduces the risk of attacks by making it more difficult to gain access to accounts.\n\nMFA can be enforced for all users in your GitLab instance in the admin center. 
Alternatively, MFA can be configured for accounts individually.\n\nYou can learn [how to enable MFA in our GitLab documentation](https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html).\n\n### Compliance standards and GitLab controls for MFA\n\nMFA relates to the following compliance standards:\n- AICPA TSC CC6.1\n- ISO 27001 2013 A9.2.3, A9.2.4, A.9.3.1, A9.4.3\n- NIST 800-53 IA-5, IA-5(1), IA-2(1), IA-2(2)\n\nIllustrative [GitLab controls for MFA](https://handbook.gitlab.com/handbook/security/security-assurance/security-compliance/guidance/identification-and-authentication.html):\n- IAC-02: GitLab Inc. has implemented mechanisms to uniquely identify and authenticate organizational users and processes acting on behalf of organizational users.\n- IAC-06: GitLab Inc. has implemented automated mechanisms to enforce MFA for: remote network access; and/or non-console access to critical systems or systems that store, transmit and/or process sensitive data.\n\n## 2. Review privileged access for critical projects\n\nUndoubtedly, one of the biggest risks to your environment is logical access. To reduce the risk, we recommend administrators ensure access is restricted based on the [principle of least privilege](https://handbook.gitlab.com/handbook/security/access-management-policy.html#principle-of-least-privilege). Access should be monitored continuously as access changes can occur multiple times, daily, in most organizations. In order to appropriately review access in your GitLab instance, it is important to first understand the access security structure within GitLab.\n\n### Breaking down the access security structure\n\nWithin GitLab, there are six different roles that can be assigned to users - “Guest”, “Reporter”, “Developer”, “Maintainer”, “Owner” and “Administrator”.  
Privileged access within GitLab is considered to be the “Administrator”, “Owner”, and “Maintainer” roles.\n\n#### GitLab Administrators receive all permissions\n\nOwners and Maintainers are considered administrative because these roles have permissions to do highly sensitive actions including but not limited to: managing merge settings; enabling or disabling branch protection; managing access to a project; managing access tokens; exporting a project; and deleting issues, merge requests, and projects.\n\nAs privileged access is the highest risk to your environment, these roles should be tightly controlled.\n\n**Some best practices with regard to ensuring access is restricted based on the principle of least privilege include:**\n- When privileged access is requested, ensure appropriate approvals are received prior to access being provisioned. _Best practice is to obtain approvals from the data owner and the manager of the user who's receiving access._\n- When a user changes job responsibilities or leaves the organization, ensure access is deprovisioned in a timely manner and any shared passwords or tokens are rotated. _Best practice is to do this within 72 hours or less._\n- Be sure to review access on a periodic basis to ensure access is still appropriately aligned to a user's job responsibilities. _Best practice is to do this on a quarterly basis and have access reviewed by the data owner._\n\n#### What to do when you identify inappropriate access\n\nWhen inappropriate access is identified, it is important to take immediate, mitigating actions by checking the user's last login date and checking audit logs as they are available to ensure no inappropriate transactions were performed. 
These mitigating actions should be conducted upon identification to ensure accessibility of information and to understand potential exposure.\n\nRefer to our [GitLab documentation regarding permissions and roles](https://docs.gitlab.com/ee/user/permissions.html) for more information.\n\n### Compliance standards and GitLab controls for privileged access\n\nPrivileged access relates to the following compliance standards:\n- AICPA TSC CC6.1, CC6.2, CC6.3\n- ISO 27001 2013 A9.2.1, A9.2.2, A9.2.3, A9.4.4\n- NIST 800-53 IA-12(4)\n\nIllustrative [GitLab controls for privileged access](https://handbook.gitlab.com/handbook/security/security-assurance/security-compliance/guidance/identification-and-authentication.html):\n- IAC-07: GitLab Inc. has implemented mechanisms to utilize a formal user registration and de-registration process that governs the assignment of access rights.\n- IAC-16: GitLab Inc. has implemented mechanisms to restrict and control privileged access rights for users and services.\n- IAC-17: GitLab Inc. has implemented mechanisms to periodically review the privileges assigned to users to validate the need for such privileges; and reassign or remove privileges, if necessary, to correctly reflect organizational mission and business needs.\n\n## 3. Turn on protected branches\n\nWithin GitLab, role-based access can be used to give access to repositories and branches at the project level. By utilizing protected branches, further restrictions can be configured on certain branches in order to protect them. Protecting your default branch is the most important; this branch is often called \"master\" or \"main\".\n\nSome best practices with regard to protection rules include:\n* Prevent commits directly into the default branch\n* Require a merge request each time there is a commit\n* Require approval by a codeowner before merging code\n\nProtected branches should be configured in accordance with your organization's change management policy. 
Here's an example of how to configure protection rules according to our recommendations:\n\n![file name](https://about.gitlab.com/images/blogimages/top-5/protected_branch_example.png){: .shadow}\nExample of how to configure branch protection rules\n{: .note.text-center}\n\n\nThis example shows that anyone with the “developer” and “maintainer” roles is allowed to merge to the default branch and “no one” is allowed to push directly to the default branch without a merge request. Further, codeowner approval must be obtained prior to merging.\n\nProtected branches can be modified by anyone with at least “maintainer” access. In order to monitor if protected branch settings are inappropriately modified, administrators should consider implementing a monitoring control by utilizing audit events.\n\nRefer to our [GitLab documentation regarding protected branches](https://docs.gitlab.com/ee/user/project/protected_branches.html#protected-branches) for more information.\n\n\n### Compliance standards and GitLab controls for branch protection\n\nBranch protection settings relate to the following compliance standards:\n- COSO Principle 9\n- AICPA TSC CC3.4, CC8.1\n- ISO 27001 2013 A12.1.2, A14.2.2, A.14.2.6, A.14.2.9\n- NIST 800-53 CM-3, CM-3(2), SA-8(31), SI-6\n\nIllustrative [GitLab controls for branch protection settings](https://handbook.gitlab.com/handbook/security/security-assurance/security-compliance/guidance/change-management.html) include:\n- CHG-04: GitLab Inc. has implemented mechanisms to enforce configuration restrictions in an effort to restrict the ability of users to conduct unauthorized changes.\n\n## 4. Activate merge request approval settings *\n\nChanges to your project repository typically start with a merge request. If your default branch is protected, commits must be done through a merge request. Configuring your merge request settings with approval rules ensures that changes are properly approved prior to deployment to production. 
Within the merge request approval settings you can specify the number of approvals required and the allowed approvers for specific merge requests.\n\nIn addition, there are a number of approval settings that further enforce segregation of duties within change management:\n- [Prevent approval by author](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#prevent-approval-by-author): When enabled, the author cannot also provide one of the required approvals.\n- [Prevent approvals by users who add commits](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#prevent-approvals-by-users-who-add-commits): When enabled, users who have committed to a merge request cannot also approve it.\n- [Prevent editing approval rules in merge requests](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#prevent-editing-approval-rules-in-merge-requests): When enabled, users can’t override the project’s approval rules on merge requests.\n- [Require user password to approve](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#require-user-password-to-approve): When enabled, users must first authenticate with a password prior to submitting approval.\n- [Remove all approvals when commits are added to the source branch](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html#remove-all-approvals-when-commits-are-added-to-the-source-branch): When enabled, this removes all existing approvals on a merge request when more changes are added to it.\n\nMerge request approval settings should be configured in accordance with your organization's change management policy. 
An example of how to configure merge requests according to the best practices outlined above is as follows:\n\n![file name](https://about.gitlab.com/images/blogimages/top-5/mr_approval_example.png){: .shadow}\nExample of how to configure merge requests\n{: .note.text-center}\n\n\nIn the example above, you can see that at least two approvers are required to enforce segregation of duties, and that the approval settings are enforced.\n\nIf your change management policy requires approvals from different groups or departments, such as the business owner and the data owner, those approval groups can be added as additional approval rules. When enabled, these settings provide reasonable assurance that your organization’s GitLab instance enforces segregation of duties and systematically enforces your organizational change management policy.\n\nTo ensure all projects under a certain group have the same merge request approval settings, [group approval settings](https://docs.gitlab.com/ee/user/group/#group-merge-request-approval-settings) can be configured at the top-level group. These settings cascade to all projects that belong to the group.\n\nMerge request approval settings can be modified by anyone with at least “maintainer” access. 
In order to monitor if merge request approval settings are inappropriately modified, consider implementing a monitoring control by utilizing audit events.\n\nFor more information, refer to our GitLab documentation around merge request [approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/index.html) and [settings](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/settings.html).\n\n### Compliance standards and GitLab controls for merge approvals\n\nMerge approval settings relate to the following compliance standards:\n- COSO Principle 9\n- AICPA TSC CC3.4, CC8.1\n- ISO 27001 2013 A12.1.2, A14.2.2, A.14.2.6, A.14.2.9\n- NIST 800-53 CM-3, CM-3(2), SA-8(31), SI-6\n\nIllustrative [GitLab controls for merge approval settings](https://handbook.gitlab.com/handbook/security/security-assurance/security-compliance/guidance/change-management.html) include:\n* CHG-04: GitLab Inc. has implemented mechanisms to enforce configuration restrictions in an effort to restrict the ability of users to conduct unauthorized changes.\n\n## 5. Configure audit events *\n\nAudit events are a way to view changes made within GitLab and can be leveraged as a detective and monitoring control for continuous monitoring of configured settings. A report can be generated on the audit event, which can then be provided to auditors to evidence your company’s compliance for the audit period for a specific, configured setting.\n\nAudit events can be configured at the group, project and instance level.\n\nIt is best practice to monitor the following [audit events](https://docs.gitlab.com/ee/administration/audit_events.html#project-events) in your GitLab environment:\n- merge approval settings\n- protected branch settings\n\nAs previously mentioned, merge approval settings and protected branch settings can be modified by anyone with “maintainer” access. 
By monitoring these critical settings for audit events, it can be determined if the protected branch settings or merge approval settings were modified during the period. If the settings were modified, an investigation can be carried out to understand the potential impact, and the event serves as an indicator to turn the setting back on.\n\nHere’s an example of what these audit events look like:\n\n![file name](https://about.gitlab.com/images/blogimages/top-5/audit_event_example.png){: .shadow}\nExample of audit events\n{: .note.text-center}\n\n\nIn this example of audit events, we see the following:\n- The merge approval setting “require new approvals when new commits are added to an MR” was turned off on the project.\n- The number of required approvals was reduced from 2 to 1.\n- Merging is now allowed by anyone on the default branch.\n\nThese changes would alter the protected branch settings and merge approval settings that were previously configured.\n\n[Audit events can be streamed](https://docs.gitlab.com/ee/administration/audit_event_streaming.html) to third-party systems. 
The advantage of this is that audit events can be integrated into a security information and event management (SIEM) system for centralized monitoring and alerting.\n\nTo learn more, check out the [GitLab documentation surrounding audit events](https://docs.gitlab.com/ee/administration/audit_events.html).\n\n### Compliance standards and GitLab controls for audit events\n\nAudit events relate to the following compliance standards:\n- COSO Principle 13\n- AICPA TSC CC4.1, CC7.2\n- ISO 27001 2013 A12.4.1, A12.4.3\n- NIST 800-53 AU-2\n\nIllustrative [GitLab controls for audit events](https://handbook.gitlab.com/handbook/security/security-assurance/security-compliance/guidance/continuous-monitoring.html):\n- CHG-07: Audit events are reviewed quarterly to ensure no inappropriate changes to key change management Segregation Of Duties (SOD) settings.\n- MON-03: Configure systems to produce audit records that contain sufficient information to, at a minimum: establish what type of event occurred; when (date and time) the event occurred; where the event occurred; the source of the event; the outcome (success or failure) of the event; and the identity of any user/subject associated with the event.\n\nHow does GitLab help you maintain your compliance? Have a favorite feature that helps your org maintain its compliance that we missed? Let us know in the comments!\n\nInterested in learning more about how your organization can leverage the compliance features offered within GitLab? [Connect with a specialist to learn more](/sales/).\n\n**Note:** An asterisk (*) denotes a feature which is not available on our free tier.\n{: .note}\n\nCover image by [Miguel Á. 
Padriñán](https://www.pexels.com/@padrinan/) on [Pexels](https://www.pexels.com/photo/5-strike-symbol-1010973/)\n{: .note}\n","security",[21],{"slug":24,"featured":6,"template":25},"top-5-compliance-features-to-leverage-in-gitlab","BlogPost","content:en-us:blog:top-5-compliance-features-to-leverage-in-gitlab.yml","yaml","Top 5 Compliance Features To Leverage In Gitlab","content","en-us/blog/top-5-compliance-features-to-leverage-in-gitlab.yml","en-us/blog/top-5-compliance-features-to-leverage-in-gitlab","yml"]
belonging",{"text":349,"config":624},{"href":351,"dataGaName":352,"dataGaLocation":474},{"text":359,"config":626},{"href":361,"dataGaName":362,"dataGaLocation":474},{"text":364,"config":628},{"href":366,"dataGaName":367,"dataGaLocation":474},{"text":630,"config":631},"Modern Slavery Transparency Statement",{"href":632,"dataGaName":633,"dataGaLocation":474},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":635,"links":636},"Contact Us",[637,640,642,644,649,654,659],{"text":638,"config":639},"Contact an expert",{"href":50,"dataGaName":51,"dataGaLocation":474},{"text":378,"config":641},{"href":380,"dataGaName":381,"dataGaLocation":474},{"text":383,"config":643},{"href":385,"dataGaName":386,"dataGaLocation":474},{"text":645,"config":646},"Status",{"href":647,"dataGaName":648,"dataGaLocation":474},"https://status.gitlab.com/","status",{"text":650,"config":651},"Terms of use",{"href":652,"dataGaName":653,"dataGaLocation":474},"/terms/","terms of use",{"text":655,"config":656},"Privacy statement",{"href":657,"dataGaName":658,"dataGaLocation":474},"/privacy/","privacy statement",{"text":660,"config":661},"Cookie preferences",{"dataGaName":662,"dataGaLocation":474,"id":663,"isOneTrustButton":104},"cookie preferences","ot-sdk-btn",{"items":665},[666,668,670],{"text":650,"config":667},{"href":652,"dataGaName":653,"dataGaLocation":474},{"text":655,"config":669},{"href":657,"dataGaName":658,"dataGaLocation":474},{"text":660,"config":671},{"dataGaName":662,"dataGaLocation":474,"id":663,"isOneTrustButton":104},"content:shared:en-us:main-footer.yml","Main 
Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",[677],{"_path":678,"_dir":679,"_draft":6,"_partial":6,"_locale":7,"content":680,"config":684,"_id":686,"_type":27,"title":18,"_source":29,"_file":687,"_stem":688,"_extension":32},"/en-us/blog/authors/madeline-lake","authors",{"name":18,"config":681},{"headshot":682,"ctfId":683},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749659736/Blog/Author%20Headshots/madlake-headshot.jpg","madlake",{"template":685},"BlogAuthor","content:en-us:blog:authors:madeline-lake.yml","en-us/blog/authors/madeline-lake.yml","en-us/blog/authors/madeline-lake",{"_path":690,"_dir":35,"_draft":6,"_partial":6,"_locale":7,"header":691,"eyebrow":692,"blurb":693,"button":694,"secondaryButton":698,"_id":700,"_type":27,"title":701,"_source":29,"_file":702,"_stem":703,"_extension":32},"/shared/en-us/next-steps","Start shipping better software faster","50%+ of the Fortune 100 trust GitLab","See what your team can do with the intelligent\n\n\nDevSecOps platform.\n",{"text":43,"config":695},{"href":696,"dataGaName":46,"dataGaLocation":697},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":48,"config":699},{"href":50,"dataGaName":51,"dataGaLocation":697},"content:shared:en-us:next-steps.yml","Next Steps","shared/en-us/next-steps.yml","shared/en-us/next-steps",1754424509308]